Changeset 26517


Ignore:
Timestamp:
11/23/12 20:19:42 (8 years ago)
Author:
ak19
Message:

Not allowing browser access to the contents of folder usersDB

File:
1 edited

Legend:

Unmodified
Added
Removed
  • main/trunk/greenstone3/web/WEB-INF/web.xml

    r26514 r26517  
    409409  </mime-mapping>
    410410
     411<!-- Deny access to contents of URL pattern /usersDB/*
     412It appears the url pattern has to be relative to the web directory (a url-pattern of /usersDB/* is insufficient), so this may need to be done for all sites.
     413http://stackoverflow.com/questions/5333266/tomcat-deny-access-to-specific-files
     414and http://www.coderanch.com/t/84442/Tomcat/write-correct-url-pattern-security -->
     415  <security-constraint>
     416    <web-resource-collection>
     417        <web-resource-name>usersDB files</web-resource-name>
     418        <description>No direct access to usersDB files.</description>
     419        <url-pattern>/sites/localsite/etc/usersDB/*</url-pattern>
     420    <!--<url-pattern>/usersDB/*</url-pattern>-->
     421        <http-method>POST</http-method>
     422        <http-method>GET</http-method>
     423    </web-resource-collection>
     424    <auth-constraint>
     425        <description>No direct browser access to usersDB files.</description>
     426        <role-name>NobodyHasThisRole</role-name>
     427    </auth-constraint>
     428  </security-constraint>
     429
    411430</web-app>
Note: See TracChangeset for help on using the changeset viewer.